Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-10862 Cross-Site Scripting (XSS) in wordpress (CVE-2026-10862)
cross-site scripting in wordpress (CVE-2026-10862). Risk of unauthorized operations or information disclosure.
CVE-2026-44746 Cross-Site Scripting (XSS) in CVE-2026-44746 (CVE-2026-44746)
cross-site scripting in CVE-2026-44746 (CVE-2026-44746). Risk of unauthorized operations or information disclosure.
CVE-2026-40128 Vulnerability in path-traversal (CVE-2026-40128)
vulnerability in path-traversal (CVE-2026-40128). Successful exploitation can lead to full system takeover.
CVE-2026-44744 SQL Injection in sqli (CVE-2026-44744)
SQL injection in sqli (CVE-2026-44744). Confidential information can be exposed externally.
CVE-2026-45034 Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-45034)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-45034). Risk of unauthorized operations or information disclosure. Exploitable via ``parse_url``. Mitigation: upgrade to `1.30.5` or later.
CVE-2026-11585 Vulnerability in sqli (CVE-2026-11585)
vulnerability in sqli (CVE-2026-11585). Risk of unauthorized operations or information disclosure.
CVE-2026-47345 Cross-Site Scripting (XSS) in typo3/html-sanitizer (CVE-2026-47345)
cross-site scripting in typo3/html-sanitizer (CVE-2026-47345). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.3.2` or later.
CVE-2026-47344 Cross-Site Scripting (XSS) in typo3/html-sanitizer (CVE-2026-47344)
cross-site scripting in typo3/html-sanitizer (CVE-2026-47344). Risk of unauthorized operations or information disclosure. Exploitable via ``ALLOW_INSECURE_RAW_TEXT``. Mitigation: upgrade to `2.3.2` or later.
CVE-2026-46484 Path Traversal in path-traversal (CVE-2026-46484)
path traversal in path-traversal (CVE-2026-46484). Data can be tampered with by attackers.
CVE-2026-40519 OS Command Injection in nginx (CVE-2026-40519)
OS command injection in nginx (CVE-2026-40519). Successful exploitation can lead to full system takeover.
CVE-2026-11584 Vulnerability in sqli (CVE-2026-11584)
vulnerability in sqli (CVE-2026-11584). Risk of unauthorized operations or information disclosure.
CVE-2026-35058 Vulnerability in dos (CVE-2026-35058)
vulnerability in dos (CVE-2026-35058). Risk of unauthorized operations or information disclosure.
CVE-2026-11583 Vulnerability in sqli (CVE-2026-11583)
vulnerability in sqli (CVE-2026-11583). Risk of unauthorized operations or information disclosure.
CVE-2026-11582 Vulnerability in sqli (CVE-2026-11582)
vulnerability in sqli (CVE-2026-11582). Risk of unauthorized operations or information disclosure.
CVE-2026-52778 Code Injection in dos (CVE-2026-52778)
code injection in dos (CVE-2026-52778). Successful exploitation can lead to full system takeover.
CVE-2026-11559 Vulnerability in sqli (CVE-2026-11559)
vulnerability in sqli (CVE-2026-11559). Risk of unauthorized operations or information disclosure.
CVE-2026-11558 Vulnerability in sqli (CVE-2026-11558)
vulnerability in sqli (CVE-2026-11558). Risk of unauthorized operations or information disclosure.
CVE-2026-44892 Vulnerability in io.netty:netty-codec-http3 (CVE-2026-44892)
vulnerability in io.netty:netty-codec-http3 (CVE-2026-44892). Risk of unauthorized operations or information disclosure. Exploitable via ``Http3ConnectionHandler``. Mitigation: upgrade to `4.2.15.Final` or later.
CVE-2026-44890 Vulnerability in io.netty:netty-codec-redis (CVE-2026-44890)
vulnerability in io.netty:netty-codec-redis (CVE-2026-44890). Risk of unauthorized operations or information disclosure. Exploitable via ``decodeLength``. Mitigation: upgrade to `4.1.135.Final` or later.
CVE-2026-44250 Vulnerability in io.netty:netty-codec-redis (CVE-2026-44250)
vulnerability in io.netty:netty-codec-redis (CVE-2026-44250). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.135.Final` or later.
CVE-2026-41448 Path Traversal in path-traversal (CVE-2026-41448)
path traversal in path-traversal (CVE-2026-41448). Confidential information can be exposed externally.
CVE-2026-25559 Path Traversal in path-traversal (CVE-2026-25559)
path traversal in path-traversal (CVE-2026-25559). Successful exploitation can lead to full system takeover.
CVE-2026-25855 OS Command Injection in CVE-2026-25855 (CVE-2026-25855)
OS command injection in CVE-2026-25855 (CVE-2026-25855). Successful exploitation can lead to full system takeover.
CVE-2026-25856 Code Injection in c (CVE-2026-25856)
code injection in c (CVE-2026-25856). Successful exploitation can lead to full system takeover.
CVE-2026-25555 Vulnerability in CVE-2026-25555 (CVE-2026-25555)
vulnerability in CVE-2026-25555 (CVE-2026-25555). Successful exploitation can lead to full system takeover. Exploitable via `X-API-Key header`.
CVE-2026-11531 Vulnerability in sqli (CVE-2026-11531)
vulnerability in sqli (CVE-2026-11531). Risk of unauthorized operations or information disclosure.
CVE-2026-11530 Vulnerability in sqli (CVE-2026-11530)
vulnerability in sqli (CVE-2026-11530). Risk of unauthorized operations or information disclosure.
CVE-2026-11534 Cross-Site Scripting (XSS) in CVE-2026-11534 (CVE-2026-11534)
cross-site scripting in CVE-2026-11534 (CVE-2026-11534). Risk of unauthorized operations or information disclosure.
CVE-2026-11611 Vulnerability in dos (CVE-2026-11611)
vulnerability in dos (CVE-2026-11611). Risk of unauthorized operations or information disclosure.
CVE-2026-49975 Vulnerability in apache (CVE-2026-49975)
vulnerability in apache (CVE-2026-49975). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.68` or later.
CVE-2026-36786 Vulnerability in dos (CVE-2026-36786)
vulnerability in dos (CVE-2026-36786). Risk of unauthorized operations or information disclosure.
CVE-2026-29170 Cross-Site Scripting (XSS) in apache (CVE-2026-29170)
cross-site scripting in apache (CVE-2026-29170). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.68` or later.
CVE-2026-11529 Vulnerability in sqli (CVE-2026-11529)
vulnerability in sqli (CVE-2026-11529). Risk of unauthorized operations or information disclosure.
CVE-2026-49233 Path Traversal in routinator (CVE-2026-49233)
path traversal in routinator (CVE-2026-49233). Confidential information can be exposed externally. Mitigation: upgrade to `0.15.2` or later.
CVE-2026-11518 Cross-Site Scripting (XSS) in CVE-2026-11518 (CVE-2026-11518)
cross-site scripting in CVE-2026-11518 (CVE-2026-11518). Risk of unauthorized operations or information disclosure.
CVE-2026-25558 Cross-Site Scripting (XSS) in CVE-2026-25558 (CVE-2026-25558)
cross-site scripting in CVE-2026-25558 (CVE-2026-25558). Risk of unauthorized operations or information disclosure.
CVE-2026-11520 Cross-Site Scripting (XSS) in CVE-2026-11520 (CVE-2026-11520)
cross-site scripting in CVE-2026-11520 (CVE-2026-11520). Risk of unauthorized operations or information disclosure.
CVE-2026-36789 Vulnerability in dos (CVE-2026-36789)
vulnerability in dos (CVE-2026-36789). Risk of unauthorized operations or information disclosure.
CVE-2026-9549 Cross-Site Scripting (XSS) in checkmk (CVE-2026-9549)
cross-site scripting in checkmk (CVE-2026-9549). Risk of unauthorized operations or information disclosure.
CVE-2026-8833 Cross-Site Scripting (XSS) in checkmk (CVE-2026-8833)
cross-site scripting in checkmk (CVE-2026-8833). Risk of unauthorized operations or information disclosure.
CVE-2026-8078 Cross-Site Scripting (XSS) in checkmk (CVE-2026-8078)
cross-site scripting in checkmk (CVE-2026-8078). Risk of unauthorized operations or information disclosure.
CVE-2026-7186 Cross-Site Scripting (XSS) in checkmk (CVE-2026-7186)
cross-site scripting in checkmk (CVE-2026-7186). Risk of unauthorized operations or information disclosure.
CVE-2026-11577 Authorization Flaw in privilege-escalation (CVE-2026-11577)
vulnerability in privilege-escalation (CVE-2026-11577). Successful exploitation can lead to full system takeover. Exploitable via `POST /admin/realms/{realm}/partialImport`.
CVE-2026-11514 Vulnerability in sqli (CVE-2026-11514)
vulnerability in sqli (CVE-2026-11514). Risk of unauthorized operations or information disclosure.
CVE-2026-11513 Vulnerability in sqli (CVE-2026-11513)
vulnerability in sqli (CVE-2026-11513). Risk of unauthorized operations or information disclosure.
CVE-2026-11512 Cross-Site Scripting (XSS) in CVE-2026-11512 (CVE-2026-11512)
cross-site scripting in CVE-2026-11512 (CVE-2026-11512). Risk of unauthorized operations or information disclosure.
CVE-2026-11509 Vulnerability in sqli (CVE-2026-11509)
vulnerability in sqli (CVE-2026-11509). Risk of unauthorized operations or information disclosure.
CVE-2026-11508 Vulnerability in sqli (CVE-2026-11508)
vulnerability in sqli (CVE-2026-11508). Risk of unauthorized operations or information disclosure.
CVE-2026-11510 Vulnerability in sqli (CVE-2026-11510)
vulnerability in sqli (CVE-2026-11510). Risk of unauthorized operations or information disclosure.
CVE-2026-11506 Vulnerability in sqli (CVE-2026-11506)
vulnerability in sqli (CVE-2026-11506). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →